Appreciated a lot with the feedback. I have tested HOIC and LOIC, they
are both windows, so might not that suitable for my pentest
environment, as I'm using a datacenter linux server as the attacker to
dos my webserver.

We are still testing Slowloris and RUDY. Siege so far able to trigger
more concurrent connection to the victim with 1000+, which ab maximum
connection is only around 100+. After those threshold, we will be
getting error from the attacker. We are using a Centos 5.5 for the
attacker.